Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UserFaultCheck' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'MTUchk' = '{458B715A-108C-47DA-9E24-0881E7FEA246}'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\vl] 'Name' = '%APPDATA%\Catalyst\CatalystCfg.dll'
- %WINDIR%\explorer.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\dns[1].dll
- %APPDATA%\msierr.log
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20110809-133215-00.hdmp
- %APPDATA%\Java\j2deploy.dll
- C:\spoolerlogs\spooler.xml
- %APPDATA%\Catalyst\CatalystCfg.dll
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20110809-133215-00.mdmp
- %TEMP%\th.t
- %TEMP%\th.t
- из <Полный путь к вирусу> в <Текущая директория>\err.log
- 'my###ads2.net':80
- 'ca###yst.com':80
- my###ads2.net/one/dns.dll
- ca###yst.com/stats/productid.php
- DNS ASK my###ads2.net
- DNS ASK ca###yst.com
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: '' WindowName: 'Spooler SubSystem App'
- ClassName: 'BaseBar' WindowName: 'ChanApp'
- ClassName: 'Shell_TrayWnd' WindowName: ''